Requirements
These are the network requirements for a secure working installation:
Internal resources (configured from the CloudGen Access Console) can only communicate with the internal leg of the Envoy Proxy.
The Envoy Proxy has an internal leg and an internet-facing leg.
The internet-facing leg needs to expose the configured CloudGen Access Proxy port.
Firewall Configuration
Component | Description | Direction | Protocol / Port | Mode |
---|---|---|---|---|
Envoy Proxy | Access port | Inbound | Configured in Console | All |
Envoy Proxy | Registered resources | Outbound | Configured in Console | All |
Envoy Proxy | CloudGen Access Proxy Orchestrator | Outbound | TCP 50051 | All |
CloudGen Access Proxy Orchestrator | Envoy Proxy Cluster | Inbound | TCP 50051 | All |
CloudGen Access Proxy Orchestrator | CloudGen Access Console API | Outbound | TCP 443 | All |
CloudGen Access Proxy Orchestrator | Redis | Outbound | Configured Redis port | HA mode |
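
One way to check a deployment against the firewall table above is to audit new TCP connections from flow logs against the permitted paths. This is an added example, not Barracuda code; the ports standing in for "Configured in Console" and "Configured Redis port", the address plan, the single Envoy address covering both legs, and the sample records are all constructed assumptions.

```python
import ipaddress

# Assumptions (not from the page): the page only says "Configured in Console"
# and "Configured Redis port", so these ports and addresses are placeholders.
ACCESS_PORT, RESOURCE_PORTS, REDIS_PORT = 8443, {443, 22}, 6379
ROLES = {  # constructed address plan; one Envoy address stands for both legs
    "envoy": "10.0.1.10/32",
    "orchestrator": "10.0.1.20/32",
    "redis": "10.0.1.30/32",
    "resource": "10.0.2.0/24",
    "console_api": "203.0.113.5/32",
}
NETS = {role: ipaddress.ip_network(cidr) for role, cidr in ROLES.items()}

def role_of(ip):
    """Map an address to a component; anything unknown is 'internet'."""
    addr = ipaddress.ip_address(ip)
    return next((r for r, n in NETS.items() if addr in n), "internet")

def allowed_flows(ha_mode):
    """(initiator, responder, TCP port) tuples taken from the firewall table."""
    flows = {("internet", "envoy", ACCESS_PORT),
             ("envoy", "orchestrator", 50051),
             ("orchestrator", "console_api", 443)}
    flows |= {("envoy", "resource", p) for p in RESOURCE_PORTS}
    if ha_mode:  # the Redis row applies in HA mode only
        flows.add(("orchestrator", "redis", REDIS_PORT))
    return flows

def audit(records, ha_mode=False):
    """Return the connection records the table does not permit."""
    ok = allowed_flows(ha_mode)
    return [r for r in records if (role_of(r[0]), role_of(r[1]), r[2]) not in ok]

# Constructed sample: new TCP connections as (source, destination, dest port).
SAMPLE = [
    ("198.51.100.7", "10.0.1.10", 8443),   # client -> Envoy access port
    ("10.0.1.10", "10.0.2.15", 443),       # Envoy -> registered resource
    ("10.0.1.10", "10.0.1.20", 50051),     # Envoy -> Orchestrator
    ("10.0.1.20", "203.0.113.5", 443),     # Orchestrator -> Console API
    ("10.0.1.20", "10.0.1.30", 6379),      # Orchestrator -> Redis (HA only)
    ("198.51.100.7", "10.0.2.15", 443),    # resource reached without Envoy
    ("10.0.2.15", "10.0.1.20", 50051),     # resource -> Orchestrator
]

if __name__ == "__main__":
    for rec in audit(SAMPLE, ha_mode=False):
        print("not permitted:", rec)
```

Records are treated as connection initiations, so reply traffic of a permitted connection should not be fed in as a separate flow.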